I'd also like to say something about the last paragraph of the article. "Those who would complain about how the stable tree is managed" "do well to remember" a few years ago when Chris Wright was involved in the stable releases as well. The official policy was different back then, and it's gone downhill since he stopped being involved. As for insinuating that the complainers (which would include me) haven't stepped up to offer time/energy, I'd like to point out that in July 2008 around the time when this issue was first heavily debated, the PaX Team and myself offered our free time to do similar cursory write-ups on the stable releases. Jake had presented the idea to us and said it would be hosted on LWN. Nothing had ended on a sour note, but the last email we received about it was the day after the first email we received about it. We didn't hear anything else back until we asked about it ourselves again in January of 2009. Apparently in the meantime Jake thought "it might not be very productive" and failed to inform us that he scrapped the idea.
Like Eugene mentioned, some of us are putting forth the effort to bring some honesty to the security of the kernel. If you look at Linus' ridiculous changelog message for move_pages(), at the lengths he went through to take the accurate, useful information he was given and turn it into something pointlessly obfuscated (when the two-line fix screams of fixing completely nonexistent bounds checks), you'll understand why the work of the "complainers" is important. It's surprising, actually, given Linus' hatred for embargoes -- he wants users to have the security bugs fixed and not have to wait an arbitrary amount of time for it. How does he expect these fixes to get back to actual users if he actively works to hide them?
Seriously, look at it:
>From: Linus Torvalds <firstname.lastname@example.org>
>commit 6f5a55f1a6c5abee15a0e878e5c74d9f1569b8b0 upstream.
>We incorrectly depended on the 'node_state/node_isset()' functions
>testing the node range, rather than checking it explicitly. That's not
>reliable, even if it might often happen to work. So do the proper
>Reported-by: Marcus Meissner <email@example.com>
>Acked-and-tested-by: Brice Goglin <Brice.Goglin@inria.fr>
>Acked-by: Hugh Dickins <firstname.lastname@example.org>
>Signed-off-by: Linus Torvalds <email@example.com>
>Signed-off-by: Greg Kroah-Hartman <firstname.lastname@example.org>
> mm/migrate.c | 3 +++
> 1 file changed, 3 insertions(+)
>@@ -953,6 +953,9 @@ static int do_pages_move(struct mm_struc
> goto out_pm;
> err = -ENODEV;
>+ if (node < 0 || node >= MAX_NUMNODES)
>+ goto out_pm;
> if (!node_state(node, N_HIGH_MEMORY))
> goto out_pm;
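Review bot: the changelog does not say that the added test, if (node < 0 || node >= MAX_NUMNODES), is a bounds check on node placed ahead of node_state(node, N_HIGH_MEMORY); it only calls the old behaviour "not reliable". The message should state that node previously reached node_state() with no range validation, so that anyone triaging stable updates can judge the impact from the log alone. The new branch also reuses the err = -ENODEV assigned just above it, so an out-of-range node is reported the same way as a node that fails the N_HIGH_MEMORY test; if that is intended, a one-line comment saying so would help.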
I can imagine fixes for buffer overflows being worded like:
"We incorrectly depended on strcpy for testing the array size, rather than checking it explicitly. That's not reliable, even if it might often happen to work. So do the proper explicit test."